[167280] in North American Network Operators' Group
Re: Someone’s Been Siphoning Data Through a Huge S
daemon@ATHENA.MIT.EDU (Christopher Morrow)
Fri Dec 6 14:51:02 2013
In-Reply-To: <E457669B-8730-4EF1-8E26-48D04A46D74B@puck.nether.net>
Date: Fri, 6 Dec 2013 14:49:12 -0500
From: Christopher Morrow <morrowc.lists@gmail.com>
To: Jared Mauch <jared@puck.nether.net>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Fri, Dec 6, 2013 at 2:48 PM, Jared Mauch <jared@puck.nether.net> wrote:
>
> On Dec 6, 2013, at 1:39 PM, Brandon Galbraith <brandon.galbraith@gmail.com> wrote:
>
>> If your flows are a target, or your data is of an extremely sensitive
>> nature (diplomatic, etc), why aren't you moving those bits over
>> something more private than IP (point to point L2, MPLS)? This doesn't
>> work for the VoIP target mentioned, but foreign ministries should most
>> definitely not be trusting encryption alone.
>
> I will ruin someone's weekend here, but:
>
> MPLS != Encryption. MPLS VPN = "Stick a label before the still unencrypted IP packet".
great, now how do I get a private link?
> MPLS doesn't secure your data, you are responsible for keeping it secure on the wire.
but, but, but! they told me it was private!
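
To illustrate the quoted point that an MPLS VPN only sticks a label in front of the still unencrypted IP packet, here is an added example (not part of the original message or thread). The label values, addresses, ports and payload are constructed; the parser removes the label stack and reads the inner packet with no key material involved.

```python
import struct

def mpls_push(label, payload, bottom, tc=0, ttl=64):
    """Prepend one 4-byte label stack entry: label(20) | TC(3) | S(1) | TTL(8)."""
    entry = (label << 12) | (tc << 9) | (int(bottom) << 8) | ttl
    return struct.pack("!I", entry) + payload

def mpls_strip(frame):
    """Walk the label stack and return (labels, inner packet bytes)."""
    labels, off = [], 0
    while True:
        if len(frame) < off + 4:
            raise ValueError("truncated label stack")
        (entry,) = struct.unpack_from("!I", frame, off)
        off += 4
        labels.append(entry >> 12)
        if entry & 0x100:          # S bit set: bottom of stack reached
            return labels, frame[off:]

def ipv4_udp_payload(pkt):
    """Read (src, dst, payload) straight out of the inner IPv4/UDP packet."""
    if len(pkt) < 28 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    if pkt[9] != 17:
        raise ValueError("not UDP")
    ihl = (pkt[0] & 0x0F) * 4
    src = ".".join(map(str, pkt[12:16]))
    dst = ".".join(map(str, pkt[16:20]))
    return src, dst, pkt[ihl + 8:]

def build_sample():
    """Constructed sample: cleartext UDP datagram behind a two-label stack."""
    data = b"cleartext application data"
    udp = struct.pack("!HHHH", 40000, 40001, 8 + len(data), 0) + data
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])) + udp
    # Checksums are left at zero; this parser does not verify them.
    inner = mpls_push(24005, ip, bottom=True)      # constructed VPN label
    return mpls_push(16001, inner, bottom=False)   # constructed transport label

if __name__ == "__main__":
    labels, packet = mpls_strip(build_sample())
    print(labels, ipv4_udp_payload(packet))
```

The labels only steer forwarding; confidentiality on the wire still has to come from encryption applied to the payload itself.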